CWE-644: Improper Neutralization of HTTP Headers for Scripting Syntax
low-risk
The product does not neutralize or incorrectly neutralizes web scripting syntax in HTTP headers that can be used by web browser components that can process raw headers, such as Flash.
Abstraction: Variant
Common Consequences
Integrity → Execute Unauthorized Code or Commands
Confidentiality → Read Application Data
Real-World Examples (10)
| CVE | CVSS | EPSS | KEV |
|---|---|---|---|
| CVE-2017-6031 | 8.8 | 1.2% | — |
| CVE-2021-20784 | 6.1 | 0.8% | — |
| CVE-2024-1064 | 7.5 | 0.5% | — |
| CVE-2021-21265 | 6.8 | 0.5% | — |
| CVE-2024-47549 | 7.4 | 0.5% | — |
| CVE-2022-45102 | 5.4 | 0.4% | — |
| CVE-2022-34316 | 3.7 | 0.4% | — |
| CVE-2023-36921 | 7.2 | 0.4% | — |
| CVE-2023-34036 | 5.3 | 0.4% | — |
| CVE-2021-41114 | 4.8 | 0.3% | — |
0 / 100 · low-risk
Active Threat: 0/50 · Minimal
Exploit Availability: 0/50 · Minimal